[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

openSUSE-SU-2012:0236-1 -- Suse kernel

ID: oval:org.secpod.oval:def:400400Date: (C)2012-12-31   (M)2024-02-19
Class: PATCHFamily: unix




The openSUSE 11.4 kernel was updated to fix bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it"s possible to corrupt memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. CVE-2011-1173: A kernel information leak via ip6_tables was fixed. CVE-2011-1172: A kernel information leak via ip6_tables netfilter was fixed. CVE-2011-1171: A kernel information leak via ip_tables was fixed. CVE-2011-1170: A kernel information leak via arp_tables was fixed. CVE-2011-1080: A kernel information leak via netfilter was fixed. CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating "\0" character. CVE-2011-1770: Integer underflow in the dccp_parse_options function in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol packet with an invalid feature options length, which triggered a buffer over-read. CVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service via crafted network traffic. CVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory. CVE-2011-4087: A local denial of service when using bridged networking via a flood ping was fixed. CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. CVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket. Special Instructions and Notes: Please reboot the system after installing this update.

Product:
kernel
Reference:
openSUSE-SU-2012:0236-1
CVE-2011-1080
CVE-2011-1170
CVE-2011-1171
CVE-2011-1172
CVE-2011-1173
CVE-2011-1770
CVE-2011-2203
CVE-2011-2213
CVE-2011-2534
CVE-2011-2699
CVE-2011-2723
CVE-2011-2898
CVE-2011-4081
CVE-2011-4087
CVE-2011-4604
CVE-2010-3880
CVE    16
CVE-2011-2723
CVE-2011-2898
CVE-2011-2534
CVE-2011-2699
...
CPE    1
cpe:/o:opensuse:opensuse:11.4

© SecPod Technologies